by grebc 45 days ago
I definitely lean to the “trusted code should run safely” because it’s just simpler in general.

At what point do you trust the system? And if you don’t trust any of it what are you trying to accomplish?

Re OpenBSD: I think it just shows we're all human (fallible) at the end of the day :)


> Re OpenBSD: I think it just shows we're all human (fallible) at the end of the day :)

Yeah. It's yet another reminder that "being really careful" isn't an adequate security policy. Attackers only need to find 1 bug. Defenders need to protect everything. In large systems, you need defence in depth. Pledge? Yeah. NX? Yeah. Process isolation between subsystems? Yeah, let's have that too. Static verification? Love it. Rust's borrow checker? Sure. We need it all.